Wednesday, March 21, 2018

Protenus, Inc. has released its February Breach
Barometer, with its analysis of 39 health data incidents compiled
for them by this site. As I have done in companion posts to their
previous reports, I am providing a list, below, of the incidents upon
which their report is based. Where additional details are available,
I have linked to them. In some cases, as in past months, the only
information we have is what HHS has posted on their public breach
tool (referred to by some as the “Wall of Shame”). Because HHS’s
reporting form results in ambiguous reports, some incidents reported
to HHS wind up being coded as “UNKNOWN” for breach vector in
Protenus’s analyses. Similarly, HHS’s form does not seem to
result in accurate estimates of the role of third parties or Business
Associates, and Protenus’s report contains more reports involving
third parties than HHS’s list would suggest or indicate.

Unlike previous months’ reports, though, you
will see four “nonpublic” incidents in this
month’s tally. I will be discussing those four incidents later in
this post, but let’s start with a few of the highlights from
Protenus’s report for February:

39 incidents, with details for 28 of them;

348,889 records for the 28 incidents for which we had numbers;

16 Insider incidents, accounting for 177,247 records: 15 out of 16 were insider-error, and 1 was insider-wrongdoing;

13 Hacking incidents, accounting for 160,381 records;

11 Business Associate/Third Party incidents; and

23 of the 39 incidents involved providers.

See their report for additional statistics and
analyses, including their analyses of gap to discovery of breaches
and gap to reporting/disclosing of breaches. Here is the list of the
39 incidents compiled for February:

Something my students will be discussing this
Quarter. At last, a recommendation for a paper trail! But no way to
match it to vote totals?

In a press conference today, the Senate Select
Committee on Intelligence presented its urgent recommendations for
protecting election systems as the U.S. moves toward midterm
elections later this year.

I posted over a dozen references and sources on this issue when it
began to break, and I use the word ‘began’ cautiously. The
massive, unmonitored [dubbed harvesting] collection of social media
user data is far greater than
users of various applications have been willing to address, or even
attempt to mitigate against future harvesting efforts [if they have
any capability of doing so in the first place – which remains
unclear]. This premise stands completely separate from the concept
of any regulatory function or layer that may exist between users and
the companies, here and abroad, that acquire our data (often at no
cost at all) and use it until such time that a whistleblower
or two enter from stage left and lift the curtain on all the backend
techie sausage making.

General John Hyten, who leads US Strategic Command
(STRATCOM), told lawmakers the US has "not gone nearly far
enough" in the cyber domain, also noting that the
military still lacks clear rules of cyber engagement.

"We have to go much further in treating
cyberspace as an operational domain," Hyten told the Senate
Armed Services Committee.

"Cyberspace needs to be looked at as a warfighting domain, and if
somebody threatens us in cyberspace we need to have the authorities
to respond."

Hyten noted, however, that the US had made some
progress in conducting cyber attacks on enemies in the Middle East,
such as the Islamic State group.

His testimony comes weeks after General Curtis
Scaparrotti, commander of NATO forces in Europe, warned that US
government agencies are not coordinating efforts to
counter the cyber threat from Russia, even as Moscow conducts a
"campaign of destabilization."

Earlier this month, Kaspersky published a report
detailing the activities of a threat actor targeting entities in the
Middle East and Africa — sometimes by hacking into their Mikrotik
routers. The group is believed to have been active since at least
2012 and its members appear to speak English, the security firm said.

The main piece of malware used by the group has been dubbed Slingshot
based on internal strings found by researchers. Kaspersky identified
roughly 100 individuals and organizations targeted with the Slingshot
malware, mainly in Kenya and Yemen, but also in Afghanistan, Libya,
Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.

CyberScoop claims to have learned from unnamed current and former U.S.
intelligence officials that Slingshot is actually an operation of the
U.S. military’s Joint Special Operations Command (JSOC), a
component of Special Operations Command (SOCOM), aimed at members of
terrorist organizations such as ISIS and al-Qaeda. SOCOM is well
known for its counterterrorism operations, which can sometimes
include a cyber component.

Something to liven up those dull PowerPoint
slides? Screaming, groaning, weeping students perhaps?

ZapSplat is a website that offers more than 20,000 sound effects and
songs that you can download and re-use for free. The licensing that
ZapSplat uses is quite clear. As long as you cite ZapSplat, you can
use the sound effects and music in your videos, podcasts, and other
multimedia projects.

ZapSplat does require you to create an account in order to download
the MP3 and WAV files that it hosts. Once you have created an account
you can download as many files as you like. ZapSplat does offer a
"Gold" account. The benefit of a Gold account is that you don't have
to cite ZapSplat and you get access to an expanded library of sounds.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with. That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.